Privacy Policy

Effective date: March 3, 2026

iDocThis Inc. ("iDocThis," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share information when you use the iDocThis web portal and any related services (collectively, the "Service").

By using the Service you agree to the practices described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information you provide directly

  • Account information — your name and email address when you register.
  • Patient records — names, dates of birth, gender, blood type, allergy information, and any notes you choose to enter for the people you manage.
  • Medical and school records — healthcare provider information, school details, and teacher contact information you add to the Service.
  • Uploaded files — documents, images, and other files you upload (e.g., medical records, school documents, legal documents). Files are stored with metadata you supply such as category, associated patient, and notes.
  • Calendar events — appointment details including titles, dates, times, and linked records.
  • Communications — messages you send us, such as support requests.

Information collected automatically

  • Authentication data — session tokens stored in an encrypted, HTTP-only browser cookie to keep you signed in.
  • Log data — server logs may record your IP address, browser type, pages visited, and timestamps when you use the Service. This data is used for security monitoring and diagnosing technical issues.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service.
  • Authenticate your identity and secure your account.
  • Store and organize patient records, medical records, and documents on your behalf.
  • Enable sharing features when you explicitly choose to share records with a third party.
  • Send transactional communications, such as password reset emails.
  • Respond to your support requests.
  • Detect, investigate, and prevent security incidents or abuse.
  • Comply with applicable legal obligations.

We do not sell your personal information or use it for advertising.

3. How We Store Your Information

Your data is stored on servers and cloud infrastructure located in the United States. Uploaded files are stored in Microsoft Azure Blob Storage using secure, access-controlled containers. Each file is accessible only via time-limited, authenticated URLs — they are not publicly accessible.

We retain your data for as long as your account is active. If you close your account, we will delete your personal data within a reasonable period, except where retention is required by law.

4. How We Share Your Information

We do not share your personal information with third parties except in the following circumstances:

  • With your consent — when you use the sharing features of the Service to share records with a healthcare provider, school administrator, or other authorized recipient, we transmit only the records you specifically choose to share.
  • Service providers — we use a limited number of trusted third-party vendors (e.g., Microsoft Azure for file storage) solely to operate the Service. These vendors are contractually prohibited from using your data for any purpose other than providing services to us.
  • Legal requirements — we may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of iDocThis, our users, or the public.
  • Business transfers — if iDocThis Inc. is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your data is transferred and becomes subject to a different privacy policy.

5. Cookies and Session Tokens

We use a single, encrypted HTTP-only session cookie to maintain your authenticated session. This cookie is strictly necessary for the Service to function and is not used for tracking or advertising. It is automatically removed when you log out or when your session expires.

We do not use third-party analytics cookies, advertising cookies, or tracking pixels.

6. Data Security

We implement industry-standard safeguards to protect your information, including:

  • All data in transit is encrypted via HTTPS/TLS.
  • Authentication tokens are stored in encrypted, HTTP-only cookies that cannot be read by browser scripts.
  • Uploaded files are stored in access-controlled cloud storage and accessed only via authenticated, time-limited URLs.
  • Passwords are never stored in plain text.
  • Access to production systems is restricted to authorized personnel.

No method of transmission or storage is 100% secure. We encourage you to use a strong, unique password and to log out when using shared devices.

7. Children's Privacy

The Service is intended for use by adults (18 years of age or older). We do not knowingly create accounts for or collect personal information directly from children under the age of 13.

The Service is designed for adults to manage records on behalf of dependents (including minor children) — this is different from a minor using the Service themselves. The account holder is responsible for ensuring their use of the Service complies with applicable laws regarding the management of health information on behalf of minors.

If you believe a child under 13 has provided us with personal information without appropriate authorization, please contact us at support@idocthis.com and we will promptly delete it.

8. Your Rights and Choices

You have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — update or correct inaccurate information through your account settings or by contacting us.
  • Deletion — request deletion of your account and associated personal data.
  • Data portability — request an export of your data in a machine-readable format.
  • Withdraw consent — if you have shared records with a third party, you may revoke that sharing at any time through the Service.

To exercise any of these rights, contact us at support@idocthis.com. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected and the right to opt out of the sale of personal information. We do not sell personal information.

9. Links to Third-Party Services

The Service may contain links to external websites or resources. We are not responsible for the privacy practices of those third parties, and this policy does not apply to them. We encourage you to review the privacy policies of any third-party services you access.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" at the top of this page. If we make material changes, we will notify you by email or by a prominent notice within the Service before the changes take effect. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, please contact us:

iDocThis Inc.
Privacy Inquiries
support@idocthis.com